> You might need to make the request for /login.do (rather than 
> simply /login) depending on how your ActionServlet is mapped.

You were right on the money!  I changed the form to post to login.do and
now it works, but only if I'm already authenticated!  If I haven't
already authenticated, then I get the same error as before (400 - User
is not authorized to access action /login).  Which takes me to your next
point:
 
> I am not sure how much value the roles attribute for an 
> action has if it can't invoke the authentication sequence 
> (i.e. send you to the login page, and get you back to your 
> original request). It seems you would have to duplicate the 

I assumed Struts would in fact do this.  If it doesn't then I don't see
how this feature can even be useful.  I definitely don't want my user to
get an error message when they try to access the site.  Can someone
confirm if Struts can provide this functionality (sending the user to a
login page and then returning them to the original action requested)?

> Also, watch out for specifying http-methods in web.xml, as 
> the settings won't match if the request is using a different 
> method. This might be okay if you want to ONLY allow GETs and 
> POSTs and block access to everything else with another 

You lost me.  What else is there besides GET & POST?  We're doing a
basic webapp, HTML browser based.

Thanks for the help,
Michael
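
The `http-method` caveat quoted above, shown as two alternative `web.xml` fragments. This is an added example, not part of the original message or of Struts; the URL pattern `/secure/*` and the role name `user` are assumptions.

```xml
<!-- Constructed example: /secure/* and the role "user" are assumptions.
     The two constraints are alternatives, not meant to be deployed together. -->

<!-- Weak: the constraint is scoped to the listed methods only. A request to
     /secure/* using any other method (HEAD, PUT, DELETE, OPTIONS, ...)
     matches no constraint, so the container does not require a login. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>secure-area</web-resource-name>
    <url-pattern>/secure/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>user</role-name>
  </auth-constraint>
</security-constraint>

<!-- Corrected: with no <http-method> element the constraint covers every
     HTTP method, so the role check cannot be sidestepped by changing verbs. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>secure-area</web-resource-name>
    <url-pattern>/secure/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>user</role-name>
  </auth-constraint>
</security-constraint>
```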

